package com.project.controller;

import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("order")
public class OrderController {
    //拥有指定角色可以访问该方法
    @RequiresRoles("manager")
    @RequestMapping("add")
    public String add(){

        return "添加订单";
    }

    @RequiresRoles({"manager","order"})
    @RequestMapping("del")
    public String del(){
        return "删除订单";
    }
    //拥有指定权限可以访问该方法
    @RequiresPermissions("order:update")
    @RequestMapping("update")
    public String update(){
        return "修改订单";
    }
    @RequiresPermissions("order:find")
    @RequestMapping("find")
    public String find(){
        return "查询订单";
    }
}
